GLSA Advocate
Posted: Sun Jun 24, 2012 2:26 pm Post subject: [ GLSA 201206-23 ] PyCrypto: Weak key generation
Gentoo Linux Security Advisory
Title: PyCrypto: Weak key generation (GLSA 201206-23)
Severity: normal
Exploitable: remote
Date: June 24, 2012
Bug(s): #417625
ID: 201206-23
Synopsis
PyCrypto generates weak ElGamal keys.
Background
PyCrypto is the Python Cryptography Toolkit.
Affected Packages
Package: dev-python/pycrypto
Vulnerable: < 2.6
Unaffected: >= 2.6
Architectures: All supported architectures
Description
An error in the generate() function in ElGamal.py causes PyCrypto to
generate weak ElGamal keys.
Impact
A remote attacker might be able to derive private keys.
Workaround
There is no known workaround at this time.
Resolution
All PyCrypto users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6"
References
CVE-2012-2417
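To check a package inventory against the affected range above (dev-python/pycrypto < 2.6), the following added example, which is not part of the advisory or of PyCrypto, flags matching atoms. It assumes inventory lines in category/name-version form and implements a simplified Gentoo version ordering (numeric components, the _alpha/_beta/_pre/_rc/_p suffixes and -rN revisions); the function names and the sample list are constructed for illustration.

```python
import re

# Affected range from GLSA 201206-23: dev-python/pycrypto < 2.6
PACKAGE = "dev-python/pycrypto"
FIRST_FIXED = "2.6"

# Pre-release suffixes sort before the plain version, _p (patch level) after it.
_SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")
_ATOM_RE = re.compile(r"^(?P<name>[\w+./-]+?)-(?P<ver>\d[\w.]*(?:-r\d+)?)$")


def version_key(version):
    """Sort key for a simplified Gentoo version string (assumption: no letter suffix)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unsupported version: %r" % version)
    nums, suffix, suffix_num, rev = m.groups()
    return (tuple(int(n) for n in nums.split(".")),
            _SUFFIX_RANK[suffix], int(suffix_num or 0), int(rev or 0))


def is_affected(version):
    """True if the version sorts below the first unaffected version (2.6)."""
    return version_key(version) < version_key(FIRST_FIXED)


def find_affected(atoms):
    """Return the atoms that name the advisory's package in its affected range."""
    hits = []
    for atom in atoms:
        m = _ATOM_RE.match(atom.strip())
        if m and m.group("name") == PACKAGE and is_affected(m.group("ver")):
            hits.append(atom.strip())
    return hits


# Constructed inventory, e.g. collected from several hosts.
SAMPLE = [
    "dev-python/pycrypto-2.5",
    "dev-python/pycrypto-2.6_rc1",   # pre-release of 2.6 still sorts below 2.6
    "dev-python/pycrypto-2.6-r1",
    "dev-libs/openssl-1.0.1c",       # other packages are ignored
    "dev-python/pycrypto-2.6.1",
]

if __name__ == "__main__":
    for atom in find_affected(SAMPLE):
        print("affected by GLSA 201206-23:", atom)
```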